Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/W0AAJRLr6gi2r74kS95DxTYGfTw.roa
File:                     W0AAJRLr6gi2r74kS95DxTYGfTw.roa (raw, json)
Hash identifier:          MH+HQqYFMBeGJJqR0jYHA1u1MAdvWa+AHHutk6W2MvA=
Subject key identifier:   5B:40:00:25:12:EB:EA:08:B6:AF:BE:24:4B:DE:43:C5:36:06:7D:3C
Certificate issuer:       /CN=485ddb678c4c0d0c488efd3b8367142189f3358a
Certificate serial:       0194228DDA2764EFA4799238ABE27F283C1C
Authority key identifier: 48:5D:DB:67:8C:4C:0D:0C:48:8E:FD:3B:83:67:14:21:89:F3:35:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SF3bZ4xMDQxIjv07g2cUIYnzNYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/W0AAJRLr6gi2r74kS95DxTYGfTw.roa
Signing time:             Wed 01 Jan 2025 15:48:29 +0000
ROA not before:           Wed 01 Jan 2025 15:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60754
IP address blocks:        212.8.50.0/23 maxlen: 23
                          212.8.50.0/24 maxlen: 24
                          212.8.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/SF3bZ4xMDQxIjv07g2cUIYnzNYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/SF3bZ4xMDQxIjv07g2cUIYnzNYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SF3bZ4xMDQxIjv07g2cUIYnzNYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:da:27:64:ef:a4:79:92:38:ab:e2:7f:28:3c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=485ddb678c4c0d0c488efd3b8367142189f3358a
        Validity
            Not Before: Jan  1 15:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b40002512ebea08b6afbe244bde43c536067d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:55:69:9c:dc:e5:3b:a8:f6:df:d4:fe:ac:70:
                    45:d6:63:98:c1:a2:2d:3d:c0:a3:5f:06:2a:0c:f5:
                    a6:05:d0:73:ab:02:bb:dc:23:28:2f:84:f3:f3:d1:
                    1e:01:5c:60:78:b6:da:44:5a:f9:93:97:c5:19:89:
                    3d:f3:37:b0:1a:3d:47:9c:d3:2b:ed:80:4a:da:9c:
                    70:9d:46:4e:15:6d:80:8e:e6:48:11:80:0c:b7:ef:
                    38:87:24:4d:42:81:49:15:f7:c9:72:5c:26:66:df:
                    69:d6:01:d6:e9:cd:80:83:34:d9:a6:eb:af:31:93:
                    92:89:9c:79:e9:9e:c2:70:eb:7e:20:68:8b:b5:05:
                    b2:96:c9:8b:09:d1:2d:3e:6c:5f:bd:2d:bc:35:9e:
                    e0:e0:6a:e0:70:ec:95:a4:1e:04:78:49:5d:9c:e0:
                    fb:2b:2b:fa:8c:ec:77:72:df:46:70:a4:51:22:ef:
                    c8:37:13:c8:e8:36:b3:bb:65:70:04:3c:9f:f2:ee:
                    4a:eb:b7:d5:8b:db:67:ae:55:81:14:7a:6d:c0:de:
                    5f:53:00:d7:ce:e8:6e:65:24:a2:c7:fc:a1:db:64:
                    a9:e1:d0:d7:9c:96:e6:2c:85:8b:17:3e:90:1c:8b:
                    a3:2d:00:a1:0f:7b:2b:c9:fc:0e:7b:5c:75:07:d9:
                    fd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:40:00:25:12:EB:EA:08:B6:AF:BE:24:4B:DE:43:C5:36:06:7D:3C
            X509v3 Authority Key Identifier:
                keyid:48:5D:DB:67:8C:4C:0D:0C:48:8E:FD:3B:83:67:14:21:89:F3:35:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SF3bZ4xMDQxIjv07g2cUIYnzNYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/W0AAJRLr6gi2r74kS95DxTYGfTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/SF3bZ4xMDQxIjv07g2cUIYnzNYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:e5:17:8b:59:e2:a2:af:33:8b:6e:16:7d:2e:f0:f3:fb:01:
         f0:71:f0:8a:37:06:14:20:a1:ce:96:6b:17:78:c7:f1:9b:af:
         42:ca:cb:b3:f3:5c:11:7b:84:b0:27:81:bc:b4:f1:dc:eb:30:
         75:52:89:fd:8f:95:dd:d3:2e:b9:c0:87:14:db:59:bc:fe:85:
         61:0f:c2:88:ad:62:b3:2b:a6:2a:fb:f2:ba:17:c8:70:4a:29:
         7c:da:db:15:56:2d:75:8b:89:d1:09:94:eb:f4:08:84:22:fa:
         42:66:7a:30:b7:ea:cd:dc:94:cc:ed:5b:13:e6:f5:d8:a6:c8:
         29:be:17:95:e3:1e:3b:cd:60:b7:c3:3c:a2:54:7d:9b:74:ea:
         e5:be:8f:dc:18:ae:b6:a8:79:8f:81:cc:a6:c9:30:97:cf:dc:
         2b:69:da:4d:d9:67:49:4c:b8:5f:e5:a5:f8:e6:b0:52:e3:a8:
         f1:9f:bb:6c:fa:c4:3b:0b:c9:7f:bd:f7:44:c6:9b:04:0a:ed:
         84:6e:dc:11:51:ae:9d:c1:43:66:9b:5d:95:60:ad:e8:38:0f:
         18:98:fb:a5:b8:4f:aa:3c:4c:f1:f5:57:27:04:43:80:d3:62:
         f8:55:fe:06:8d:dc:ee:be:70:3e:d3:8a:9c:c2:1d:a2:10:22:
         27:d0:2b:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijdonZO+keZI4q+J/KDwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NWRkYjY3OGM0YzBkMGM0ODhlZmQzYjgzNjcxNDIxODlm
MzM1OGEwHhcNMjUwMTAxMTU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQwMDAyNTEyZWJlYTA4YjZhZmJlMjQ0YmRlNDNjNTM2MDY3ZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71VpnNzlO6j239T+rHBF1mOYwaIt
PcCjXwYqDPWmBdBzqwK73CMoL4Tz89EeAVxgeLbaRFr5k5fFGYk98zewGj1HnNMr
7YBK2pxwnUZOFW2AjuZIEYAMt+84hyRNQoFJFffJclwmZt9p1gHW6c2AgzTZpuuv
MZOSiZx56Z7CcOt+IGiLtQWylsmLCdEtPmxfvS28NZ7g4GrgcOyVpB4EeEldnOD7
Kyv6jOx3ct9GcKRRIu/INxPI6Dazu2VwBDyf8u5K67fVi9tnrlWBFHptwN5fUwDX
zuhuZSSix/yh22Sp4dDXnJbmLIWLFz6QHIujLQChD3sryfwOe1x1B9n9pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtAACUS6+oItq++JEveQ8U2Bn08MB8GA1UdIwQY
MBaAFEhd22eMTA0MSI79O4NnFCGJ8zWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0YzYlo0eE1EUXhJanYwN2cyY1VJWW56TllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iZWIyMDAtZTVkNi00Njk2LWFlMjUt
ZGViZmNkOWViMjBlLzEvVzBBQUpSTHI2Z2kycjc0a1M5NUR4VFlHZlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iZWIyMDAtZTVkNi00Njk2LWFlMjUtZGViZmNkOWViMjBl
LzEvU0YzYlo0eE1EUXhJanYwN2cyY1VJWW56TllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1AgyMA0G
CSqGSIb3DQEBCwUAA4IBAQB/5ReLWeKirzOLbhZ9LvDz+wHwcfCKNwYUIKHOlmsX
eMfxm69Cysuz81wRe4SwJ4G8tPHc6zB1Uon9j5Xd0y65wIcU21m8/oVhD8KIrWKz
K6Yq+/K6F8hwSil82tsVVi11i4nRCZTr9AiEIvpCZnowt+rN3JTM7VsT5vXYpsgp
vheV4x47zWC3wzyiVH2bdOrlvo/cGK62qHmPgcymyTCXz9wradpN2WdJTLhf5aX4
5rBS46jxn7ts+sQ7C8l/vfdExpsECu2EbtwRUa6dwUNmm12VYK3oOA8YmPuluE+q
PEzx9VcnBEOA02L4Vf4GjdzuvnA+04qcwh2iECIn0Csc
-----END CERTIFICATE-----